10 Ways Businesses Fail at Insider Threat Detection

By Gina Roos

Many organizations are vulnerable to attack because they lack the tools to prevent and detect insider threats, according to a recent SANS Institute study, sponsored by SpectorSoft. Nearly three-fourths of the 772 IT security professionals surveyed are concerned about threats from negligent or malicious employees, but almost half don't know how much they spend on insider threats. The majority are concerned about data loss, including compromised personally identifiable information (67%), damage to reputation (54%) and revealing confidential business information (51%), yet the study finds serious gaps in protecting against these threats. A look at the top six industries in the survey, including technology/IT services, showed that it took organizations from 12 to 48 days to detect an insider breach and from less than one day to 60 days to respond. Many organizations lack the budget and staff to implement and maintain prevention/detection tools; this creates opportunities for managed security services providers to help these businesses develop, implement and maintain a security plan. Here are 10 key findings from the survey.

This article was originally published on 2015-05-05